
[DRAFT] Configure SSL certificates for Cloudfront

Open gregpawin opened this issue 4 years ago • 5 comments

Overview

Configure Cloudfront and 3rd-party DNS to allow SSH

Action items

  • [ ] Finish MVP (since load balancer will add to hosting costs)
  • [ ] Setup load balancer

Resources/Instructions

See notes below from Adam

gregpawin avatar Dec 28 '20 17:12 gregpawin

Only https://www.luckyparking.info works. luckyparking.info and www.luckyparking.info do not forward correctly despite configuring Cloudfront to do so.

gregpawin avatar Dec 28 '20 17:12 gregpawin

Naked domain also forwards correctly now.

gregpawin avatar Jan 05 '21 03:01 gregpawin

Express server is not SSL and causes mixed content warnings. Turned off Https for now. Comments from Adam:

Express https stuff:
In the server code, app.listen is a wrapper for http.createServer, so pretty sure you would need to specifically enable https in the server code. Relevant express docs here. I gather that’s not an ideal way to handle it since your server would be handling decrypting the https traffic. At the moment it doesn’t look like your express server is handling https. A better way would be setting up a load balancer or reverse proxy.

Current server setup and how requests are handled (if I remember it correctly):

  • Express server running in ec2 instance.
  • Express listening on port 5000.
  • Security group for the ec2 instance has inbound rules for ports 80 (http), 443 (https), and 5000.

  1. You visit https://luckyparking.info in your browser. It looks like you have it set up to redirect http to https.
  2. Client sends http request to your-server-ec2-instance-url:5000. This api call fails because mixed content is blocked by the browser (https + http).
     OR
     Client sends https request to your-server-ec2-instance-url:5000. This fails because the server code doesn’t handle the SSL cert and encryption stuff. If the port (5000) is left off the ec2 url, http requests will go to port 80 and https to 443 by default. Both should fail since your server code isn’t listening on those ports.

With a load balancer (AWS ALB/ELB) or reverse proxy:

  • Express server running in ec2 instance.
  • Express listening on port 5000.
  • Security group for the ec2 instance has inbound rule for port 5000.
  • AWS load balancer connected to your server ec2 instance.
  • SSL cert configured on AWS load balancer.
  • AWS load balancer listening on port 443 (https) and forwarding requests to your server on port 5000.

  1. You visit https://luckyparking.info in your browser.
  2. Client sends https request to your-load-balancer-url (defaults to port 443 for https). Load balancer handles the SSL authentication/encryption.
  3. Load balancer forwards the request to your-server-ec2-instance on port 5000.
  4. Your server responds to the load balancer on port 5000.
  5. Load balancer encrypts and responds to the client on port 443 (https).

Would still need to update the domain records to point api.luckyparking.info at your load balancer.

Before doing this, maybe disable the http -> https redirect on luckyparking.info. Deploy your ec2 backend and set the API_URL in the client to http://your-server-ec2-instance-url:5000. Visit http://luckyparking.info (NOT https) in the browser. Client should make an http call to your ec2 instance and hopefully not hit the mixed content blocked problem. If an all-http version of the deployed app (front and back end) works, then we can figure out the stuff above to get https working.

Https should be implemented with a load balancer but will increase hosting costs. Probably implement after the site design is more permanent.

gregpawin avatar Jan 16 '21 08:01 gregpawin

@gregpawin This issue has not had an update since 7/26/21. If you are no longer working on this issue, please let us know. If you are able to give any closing comments related to why this issue stopped being worked on, or if there are any other notes that never got added to the issue, we would appreciate it. If you are still working on the issue, please provide an update using these guidelines:

  1. Progress: "What is the current status of your project? What have you completed and what is left to do?"
  2. Blockers: "Difficulties or errors encountered."
  3. Availability: "How much time will you have this week to work on this issue?"
  4. ETA: "When do you expect this issue to be completed?"
  5. Pictures (if necessary): "Add any pictures that will help illustrate what you are working on."

tmlin1 avatar Mar 16 '22 05:03 tmlin1

This issue is a DRAFT for now, but anyone can update the sections based on the format below, especially the Overview section. Once we know what needs to be done and why we can prioritize whether to work on this issue.

Dependencies

ANY ISSUE NUMBERS THAT ARE BLOCKERS OR OTHER REASONS WHY THIS WOULD LIVE IN THE ICEBOX

Overview

WE NEED TO DO X FOR Y REASON

Action Items

A STEP BY STEP LIST OF ALL THE TASK ITEMS THAT YOU CAN THINK OF NOW EXAMPLES INCLUDE: Research, reporting, etc.

Resources/Instructions

REPLACE THIS TEXT -If there is a website which has documentation that helps with this issue provide the link(s) here.

gordonruby avatar May 02 '22 16:05 gordonruby